malware

[Caution] Virus/XLS Xanpei Infecting Normal Excel Files

The ASEC analysis team has recently discovered the constant distribution of malware strains that spread the infection when Excel file is opened. Besides infecting normal Excel files, they can also perform additional malicious behaviors such as acting as a downloader and performing DNS Spoofing, therefore, users need to take great caution. The common trait of the malware strains is to spread the virus through the VBA (Visual Basic for Applications) codes included in Excel files. Upon opening the infected Excel…

Distribution of ClipBanker Disguised as Malware Creation Tool

The ASEC analysis team has recently discovered a distribution of ClipBanker disguised as a malware creation tool. ClipBanker is a malware that monitors the clipboard of the infected system. If a string for a coin wallet address is copied, the malware changes it to the address designated by the attacker. Such type of malware has been continuously distributed since the past. The website that distributes ClipBanker is called ‘Russia black hat’ as shown below. It has various programs related to…

Distribution of Remcos RAT Disguised as Tax Invoice

The ASEC analysis team has discovered Remcos RAT being distributed under the disguise of a tax invoice. The content and the type of phishing email are similar to the type that has been consistently discussed in previous blogs. Within the email, it has a short message written in awkward grammar. As users who are doing tax-related work may run the executable without a second thought about what’s written within the email, caution is advised. Upon decompressing the attachment ‘Tax.gz’, an…

New Infostealer ‘ColdStealer’ Being Distributed

The ASEC analysis team has discovered the distribution of ColdStealer that appears to be a new type of infostealer. The malware disguises itself as a software download for cracks and tools, a distribution method that was mentioned multiple times in previous ASEC blog posts. There are two cases for this type of malware distribution: 1. Distributing a single type of malware such as CryptBot or RedLine2. Dropper-type malware decompressing and executing various internal malware strains ColdStealer was distributed with the…

Increased Phishing Attacks Disguised as Microsoft

The ASEC analysis team has recently discovered phishing emails disguised as Microsoft login pages. As shown in the figure below, one of the collected samples is disguised as the company’s voice message to prompt users to click the attached playback file. Clicking the file redirects users to a phishing webpage disguised as a Microsoft login page. Another sample is an attachment disguised as a file that is sent with a scanner, prompting users to click the attachment. Again, clicking the…